WP Ghost is fully compatible with Really Simple SSL. The only configuration step needed is ensuring the correct rule order in .htaccess. When Really Simple SSL uses its “301 redirect with .htaccess” option, it adds SSL rewrite rules to the .htaccess file. If these rules are placed after WP Ghost’s rules, the SSL redirect may not work correctly. The fix is simple: re-save WP Ghost settings after saving Really Simple SSL, which moves the rules to the correct position.
Most Really Simple SSL features work without any WP Ghost configuration. The only issue arises when Really Simple SSL uses the 301 redirect with .htaccess option. This option writes SSL redirect rules to .htaccess, but it places them after WP Ghost’s rules. Apache processes .htaccess rules top to bottom – the first matching rule wins. If WP Ghost’s path security rules are above the SSL redirect, visitors may hit a WP Ghost rewrite before the SSL redirect fires, causing unexpected behavior. The fix is to ensure the SSL redirect rules are at the top of the file.
The Really Simple SSL rewrite rules that need to be at the top of .htaccess:
# BEGIN rlrssslReallySimpleSSL
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
# END rlrssslReallySimpleSSLThe simplest fix is to re-save WP Ghost settings after saving Really Simple SSL settings. WP Ghost automatically repositions its rules correctly when you save.
.htaccess file with the rules in the correct order.If .htaccess is not writable: If WP Ghost or Really Simple SSL can’t write to .htaccess (common on hardened servers), you need to manually edit the file. Open .htaccess via FTP or File Manager, locate the Really Simple SSL block (# BEGIN rlrssslReallySimpleSSL to # END rlrssslReallySimpleSSL), and move it to the very top of the file, above all WP Ghost rules. Save the file.
This only applies to Apache and LiteSpeed servers. Nginx doesn’t use .htaccess files, so this issue doesn’t occur on Nginx servers. IIS uses web.config which handles rule order differently.
A redirect loop usually means conflicting SSL redirect rules. Check if you have SSL redirect configured in multiple places (Really Simple SSL, WP Ghost, hosting panel, Cloudflare). Use only one SSL redirect source. If you use Really Simple SSL for SSL redirect, make sure WP Ghost isn’t also forcing HTTPS via its own settings.
Really Simple SSL may have overwritten or repositioned the WP Ghost rules in .htaccess. Re-save WP Ghost settings to restore the correct rule order. If the issue persists, open .htaccess and verify that WP Ghost’s rules are present and intact.
Mixed content (HTTP resources on HTTPS pages) is a Really Simple SSL issue, not a WP Ghost conflict. Really Simple SSL’s “Mixed Content Fixer” option handles most cases automatically. Check your browser console for specific resources still loading over HTTP and update them manually if needed.
No. If you use Really Simple SSL’s PHP-based redirect or if your hosting handles SSL at the server level, there’s no .htaccess rule order issue. WP Ghost and Really Simple SSL work together without any configuration in that case.
Only if Really Simple SSL modifies the .htaccess file. For most users, this is a one-time setup – save Really Simple SSL settings, then re-save WP Ghost settings, and the order is correct from that point forward. You only need to repeat this if you change Really Simple SSL’s .htaccess redirect settings later.
WP Ghost doesn’t include a dedicated SSL redirect feature. It relies on your hosting, a plugin like Really Simple SSL, or Cloudflare to handle SSL. WP Ghost’s security headers feature can add HSTS (Strict-Transport-Security) headers, which tell browsers to always use HTTPS – but this is different from the 301 redirect that Really Simple SSL provides.
Yes. WP Ghost is fully compatible with WooCommerce, and Really Simple SSL works with WooCommerce too. SSL is essential for WooCommerce sites handling payment data.
No. WP Ghost writes rewrite rules to .htaccess (Apache) or hidemywp.conf (Nginx) and uses WordPress hooks for application-level changes. No core files are modified.
SSL and security configuration:
Replace the default wp_ database prefix with a random one to protect against SQL injection…
Change the WordPress uploads directory path with WP Ghost (rewrite rules, no files moved) or…
Configure WP Ghost with WP Rocket cache. Enable file optimization, Change Paths in Cache Files.…
https://youtu.be/6ylhojSi-_E In this video, we’ll explore why website security matters and what can happen if…
The security of your WordPress site depends on multiple factors, such as the strength of…
Step-by-step guides to connect WP Ghost 2FA with Google Authenticator, Authy, Microsoft Authenticator, or LastPass.…